Some Cyber Attackers Lie Low

Some of the hackers who have persistently attacked Lockheed Martin’s networks have “gone quiet” in recent months, officials told reporters yesterday at an Arlington, Virginia, media summit hosted by the company’s recently restructured Defense and Intelligence Solutions division. “We’ve seen a number of the adversaries—I wouldn’t say they’ve disappeared—but they’ve gone quiet,” said Darrell Durst, Lockheed Martin’s vice president, cyber solutions. “I think we have been able to counter a number of the adversaries relative to our networks.”

Those adversaries, most likely, are searching for alternative methods for attacking the company’s networks, he clarified. “Lockheed Martin has a number of suppliers out there. If the information they want is within the Lockheed Martin enterprise, they’ll go through a supplier potentially who has an information technology connection to Lockheed Martin,” Durst said. “They will go through that supplier who they think may not be protecting their systems as aggressively.”

The quiet period has lasted for about six months, Durst said, and is likely triggered by government and industry sharing information about attackers and their methods. “We share that information that we have on our adversaries with the government. That sharing of information, I think, has been key to some of our adversaries going quiet,” Durst offered. “That is no indication that they’ve gone away. Even if it were up to two years, that is not necessarily an indication that they’ve gone away. They’ve just maybe been able to change their techniques and tactics,” he added.

Retired Lt. Gen. Charles Croom, USAF, the company’s vice president, cyber strategy and government relations, specifically credited the Mandiant report on cyber threats. “Since we’ve started publicizing their attacks, they’ve slowed down their attacks,” Croom said. “The good news is that they’re not attacking Lockheed Martin anymore because we’re too hard. But they’re going to our suppliers. Just like any offensive capability, you try to find a weakness, and you go there.”

Croom added that of the 10 original adversaries the company saw in 2003 when it first started monitoring its own networks, eight are still active. Additionally, while some may be quiet for now, others continually pop up.